[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Pinky command

From: Hemant . Rumde
Subject: Pinky command
Date: Wed, 11 Nov 2009 11:18:57 -0500

Hi GNU Bug fixers, 

I am old school and has been using finger ( without fingerd for security
reasons ) on Unix. 
Today I came across pinky on RedHat Linux. The man page of this command 
specified your email address. 

In old days, attackers used to create .project symbolic to passwd and
group files to get the 
List of login ids and group via fingerd. I guess, Sun had fixed this
long back in 
Solaris. However in pinky, I can use symbolic link to /etc/passwd and

$ cd  <--- Go to home dir 
$ ln -s .project  /etc/passwd 
$ pinky -l  mylogin 

Pinky follows symlink of .project. I guess, Pinky should avoid .project
if it is a symlink. 

ING U.S. Financial Services 
Shared Application Engineering - Enabling Technologies 
Phone: 617-376-4298  
ING. Your future. Made easier.SM 


NOTICE: The information contained in this electronic mail message is 
confidential and intended only for certain recipients.  If you are not an 
intended recipient, you are hereby notified that any disclosure, reproduction, 
distribution or other use of this communication and any attachments is strictly 
prohibited.  If you have received this communication in error, please notify 
the sender by reply transmission and delete the message without copying or 
disclosing it.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]